<!doctype html>
<html lang="en">
<head>
	<meta charset="utf-8">
	<title>IoT Security Lecture</title>

	<meta name="description" content="IoT Security Lecture">
	<meta name="author" content="Eugene Teo and Sayanee Basu">
	<meta name="apple-mobile-web-app-capable" content="yes">
	<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">

	<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">

	<link rel="stylesheet" href="css/reveal.css">
	<link rel="stylesheet" href="css/theme/day.css" id="theme">
	<link rel="stylesheet" href="lib/css/zenburn.css">

	<!-- Printing and PDF exports -->
	<script>
		var link = document.createElement( 'link' );
		link.rel = 'stylesheet';
		link.type = 'text/css';
		link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';
		document.getElementsByTagName( 'head' )[0].appendChild( link );
	</script>

	<!--[if lt IE 9]><script src="lib/js/html5shiv.js"></script><![endif]-->
</head>

<body>
	<div class="reveal">

		<!-- Any section element inside of this container is displayed as a slide -->
		<div class="slides">
			<section class="center">
				<h1>IoT and Security</h1>
				<h3>by Eugene Teo & Sayanee Basu</h3>
				<p>
					<small>Use ⬅️ ➡️ keys to navigate these slides</small>
				</p>
			</section>

			<section class="center">
				<h2>Why IoT?</h2>
			</section>

			<section>
				<h2>Fun with IoT</h2>
          <img src="images/funwithiot.png" width="53%">
          <a href="https://learn.adafruit.com/search?q=iot&">https://learn.adafruit.com/search?q=iot&</a>
			</section>

			<section>
				<h2>Fun with IoT</h2>
          <img src="images/funwithiot2.png" width="65%">
          <a href="https://www.coursera.org/specializations/iot">https://www.coursera.org/specializations/iot</a>
			</section>

			<section>
				<h2>Fun with IoT</h2>
          <img src="images/smart-home-living.jpg" width="80%">
			</section>

			<section>
				<h2>Fun with IoT</h2>
	   <iframe width="890" height="531" src="https://www.youtube.com/embed/xcA7iXSNmZE?start=6" frameborder="0" allowfullscreen></iframe>
			</section>

			<section>
				<h2>Fun with IoT</h2>
          <pre><code class="hlruby">[...]
require 'net/telnet'

coffee_machine_ip = '10.10.42.42'
password = '1234'              # sent over plain telnet, i.e. in the clear
password_prompt = 'Password: '
delay_before_brew = 17
delay = 24

sleep delay_before_brew
# Log in to the machine's telnet interface, then drive it with its own commands
con = Net::Telnet.new('Host' => coffee_machine_ip)
con.cmd('String' => password, 'Match' => /#{password_prompt}/)
con.cmd('sys brew')
sleep delay
con.cmd('sys pour')
con.close</code></pre>
        <a href="https://github.com/NARKOZ/hacker-scripts/blob/master/fucking_coffee.rb">https://github.com/NARKOZ/hacker-scripts/</a>
			</section>

			<section>
				<h2>Fun with IoT</h2>
        <img src="images/webcamxp1.png" width="70%">
        <a href="hxxp://80.234.37.94/">hxxp://80.234.37.94/</a>
			</section>

			<section class="center">
        <h2><strong style="background:#ffda01">Why Do We Care about Security?</strong></h2>
			</section>

			<section>
				<h2><strong style="background:#ffda01">(Not)</strong> Fun with IoT</h2>
        <img src="images/webcamxp2.png" width="100%">
        <a href="https://www.shodan.io/">https://www.shodan.io/</a>
			</section>

			<section>
				<h2><strong style="background:#ffda01">(Not)</strong> Fun with IoT</h2>
        <img src="images/webcamxp3.png" width="100%">
        <a href="https://www.shodan.io/">https://www.shodan.io/</a>
			</section>

			<section>
				<h2><strong style="background:#ffda01">(Not)</strong> Fun with IoT</h2>
        <img src="images/webcamxp4.png" width="80%">
        <a href="https://www.shodan.io/">https://www.shodan.io/</a>
			</section>

			<section>
				<h2><strong style="background:#ffda01">(Not)</strong> Fun with IoT</h2>
        <img src="images/shodan.png" width="80%">
        <a href="https://www.shodan.io/">https://www.shodan.io/</a>
			</section>

			<section>
				<h2><strong style="background:#ffda01">(Not)</strong> Fun with IoT</h2>
        <img src="images/cirt-default-passwords.png" width="80%">
        <a href="https://cirt.net/passwords">https://cirt.net/passwords</a>
			</section>

			<section class="center">
				<h2>What Drives the Modern Day Attacks?</h2>
			</section>

      <section>
        <h2>What Drives the Modern Day Attacks?</h2>
				<table>
					<thead>
						<tr>
							<th></th>
							<th>Traditional malware</th>
							<th>Hacktivism</th>
							<th>Targeted threat</th>
						</tr>
					</thead>
					<tbody>
						<tr>
							<td><b>Target</b></td>
							<td>Widespread, infecting anyone</td>
							<td>Organizations related to geopolitical tensions</td>
							<td>Specific organization or multiple organizations within a specific industry</td>
						</tr>
					</tbody>
					<tbody>
						<tr>
							<td><b>Attacker</b></td>
							<td>Individuals or small groups</td>
							<td>Individuals or networks of (anonymous) activists</td>
							<td>Attackers with time, resources and skills to design and execute organized attacks</td>
						</tr>
					</tbody>
				</table>
			</section>

			<section>
				<h2>What Drives the Modern Day Attacks?</h2>
				<table>
					<thead>
						<tr>
							<th></th>
							<th>Traditional malware</th>
							<th>Hacktivism</th>
							<th>Targeted threat</th>
						</tr>
					</thead>
					<tbody>
						<tr>
							<td><b>Goal</b></td>
							<td>For financial gains</td>
							<td>Drive political agendas</td>
							<td>Steal sensitive info or disrupt systems</td>
						</tr>
					</tbody>
					<tbody>
						<tr>
							<td><b>Approach</b></td>
							<td>Banking Trojans, ransomware, clickjacking</td>
							<td>DDoS, defacement, social media hacks</td>
							<td>Espionage, sabotage</td>
						</tr>
					</tbody>
				</table>
			</section>

			<section class="center">
				<h2>The <strong style="background:#ffda01">Motivations Are Similar</strong> for IoT attacks</h2>
			</section>

			<section>
				<h2>IoT Ransomware</h2>
				<p>
					<a href="https://techcrunch.com/2016/10/02/what-makes-iot-ransomware-a-different-and-more-dangerous-threat/">"IoT ransomware is not about holding your data hostage"</a>
				</p>
				<p>
					<a href="http://www.zdnet.com/article/why-the-internet-of-things-is-the-next-target-for-ransomware/">"Devices from pacemakers to cars could be rendered useless by ransomware infections"</a>
				</p>
				<p>
					<a href="https://motherboard.vice.com/en_us/article/internet-of-things-ransomware-smart-thermostat"><img src="images/ransomware-smart-thermostat.jpg" width="70%"></a>
				</p>
			</section>

			<section>
				<h2>IoT Ransomware</h2>
				<iframe width="890" height="531" src="https://www.youtube.com/embed/shn3OM0hwwM?start=47" frameborder="0" allowfullscreen></iframe>
			</section>

			<section>
				<h2>IoT Ransomware</h2>
				<img src="images/austrian-hotel.png" width="30%">
				<p>
					<a href="https://www.schneier.com/blog/archives/2017/01/iot_ransomware_.html">"Attackers held an Austrian hotel network for ransom, demanding $1,800 in bitcoin to unlock the network."</a>
				</p>
				<p>
					<a href="http://www.tomshardware.com/news/ransomware-didnt-lock-hotel-rooms,33528.html">"Romantik Seehotel Jägerwirt <i>did</i> indeed fall victim to ransomware that affected its electronic key system--by preventing the hotel from generating new key cards."</a>
				</p>
			</section>

			<section class="center">
				<h2>But IoT Security Is <strong style="background:#ffda01">Not Just about the Device!</strong></h2>
			</section>

			<section>
				<h2>It's about the IoT Ecosystem!</h2>
				<img src="images/leapfrog-my-pal-violet.jpg" width="45%">
				<p><a href="http://www.leapfrog.com/en-us/support/select-my-pals">Customize My Pal Violet</a> to say your child's name!</p>
			</section>

			<section>
				<h2>IoT Data Breach</h2>
				<a href="http://www.cnbc.com/2015/12/02/vtech-hack-data-of-64m-kids-exposed.html"><img src="images/vtech-data-breach.png" width="40%"></a>
				<p>"A cyber attack on digital toymaker VTech Holdings <strong style="background:#ffda01">exposed the data of 6.4 million children</strong>, the company said on Tuesday, in what experts called the largest known hack targeting youngsters."</p>

				<p>Press release: <a href="https://www.vtech.com/en/press_release/2015/statement/">Data Breach on VTech Learning Lodge</a></p>
			</section>

			<section>
				<h2>IoT DDoS</h2>
				<a href="https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html"><img src="images/mirai-botnet-map.png" width="60%"></a>
				<p> "Mirai-infected devices [...] mostly CCTV cameras [...] Other victimized devices included DVRs and routers."</p>
				<p> "Using a hit-and-run tactic, the attack peaked at 280 Gbps and 130 Mpps, both indicating a very powerful botnet."</p>
			</section>

			<section>
				<h2>Mirai Is Still Active</h2>
				<img src="images/360-mirai.png">
				<p><a href="https://www.google.com.sg/search?q=mirai+honeypots">Go play with a Mirai honeypot!</a></p>
			</section>

			<section>
				<h2>IoT Surveillance</h2>
				A recent example: <a href="hxxps://wikileaks.org/ciav7p1/cms/page_12353643.html">Weeping Angel</a>.
				<p> <a href="https://theintercept.com/2017/03/07/wikileaks-dump-shows-cia-could-turn-smart-tvs-into-listening-devices/">"with access to Samsung Smart TVs, allowing a television’s built-in voice control microphone to be remotely enabled while keeping the appearance that the TV itself was switched off, called “Fake-Off mode.” Although the display would be switched off, and LED indicator lights would be suppressed, the hardware inside the television would continue to operate, unbeknownst to the owner."</a> </p>
				<p> <a href="https://www.theguardian.com/technology/2016/feb/09/internet-of-things-smart-home-devices-government-surveillance-james-clapper">"In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials."</a></p>
			</section>

			<section class="center">
				<h2>How Can We Improve Security?</h2>
			</section>

			<section>
				<h2>Avoid Problems Repeatedly Seen in IoT Devices</h2>
				<ul>
					<li>Use SSL for connections to the IoT device or the cloud</li>
					<li>Provide mutual authentication between the client and the server</li>
					<li>Enforce and use strong passwords</li>
					<li>Support 2FA for IoT cloud interfaces</li>
					<li>Protect against account harvesting, and implement account lockout</li>
					<li>Proper vulnerability management, and actively patch vulnerabilities found or reported</li>
					<li>Provide signed or encrypted firmware updates</li>
				</ul>

				<p><a href="https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-insecurity-in-the-internet-of-things-ds.pdf">Insecurity in the Internet of Things</a></p>
			</section>

			<section>
				<h2>Review the OWASP Internet of Things Top Ten Project</h2>
				<ul>
					<li>I1 Insecure Web Interface</li>
					<li>I2 Insufficient Authentication/Authorization</li>
					<li>I3 Insecure Network Services</li>
					<li>I4 Lack of Transport Encryption</li>
					<li>I5 Privacy Concerns</li>
					<li>I6 Insecure Cloud Interface</li>
					<li>I7 Insecure Mobile Interface</li>
					<li>I8 Insufficient Security Configurability</li>
					<li>I9 Insecure Software/Firmware</li>
					<li>I10 Poor Physical Security</li>
				</ul>

				<p><a href="https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf">Internet of Things Top Ten</a></p>
			</section>

			<section class="center">
				<h1>Adventures with <br><span class="fragment" data-fragment-index="1">😴</span> a lamp 💡<br><span class="fragment" data-fragment-index="1">😈</span> an oven 📺<br><span class="fragment" data-fragment-index="1">🙈</span> a router 📻</h1>
			</section>

			<section>
				<h2>Review the OWASP Internet of Things Top Ten Project</h2>
				<ul>
					<li><strong style="background:#ffda01">I1 Insecure Web Interface</strong></li>
					<li><strong style="background:#ffda01">I2 Insufficient Authentication/Authorization</strong></li>
					<li><strong style="background:#ffda01">I3 Insecure Network Services</strong></li>
					<li><strong style="background:#ffda01">I4 Lack of Transport Encryption</strong></li>
					<li>I5 Privacy Concerns</li>
					<li>I6 Insecure Cloud Interface</li>
					<li>I7 Insecure Mobile Interface</li>
					<li>I8 Insufficient Security Configurability</li>
					<li>I9 Insecure Software/Firmware</li>
					<li>I10 Poor Physical Security</li>
				</ul>

				<p><a href="https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf">Internet of Things Top Ten</a></p>
			</section>

			<section>
				<h2>3 demos</h2>
				<img src="images/demo.png" alt="Demo setup" height="520" style="float:left;">

				<h3 class="fragment" data-fragment-index="1">Questions to ask 🤔</h3>
				<p class="fragment" data-fragment-index="1">What's the insecurity?</p>
				<p class="fragment" data-fragment-index="1">Why should we care?</p>
				<p class="fragment" data-fragment-index="1">What's the fix?</p>
				<hr class="fragment" data-fragment-index="2">
				<h3 class="fragment" data-fragment-index="2">People 🕵🏻👩🏾‍🔧👨🏻‍💻👩🏼‍🏭</h3>
				<p class="fragment" data-fragment-index="2">security researcher</p>
				<p class="fragment" data-fragment-index="2">home owner</p>
				<p class="fragment" data-fragment-index="2">engineer / product manager</p>
			</section>

			<section>
				<h2>Demo A</h2>
				<h3>I3 Insecure Network Services</h3>
				<p>Choose WiFi <strong style="background:#ffda01">ISSS614</strong> 🔊</p>
				<p>Go to URL <strong style="background:#ffda01">lamp.local</strong> on 📱 💻 🖥</p>
				<img src="images/welcome.png" alt="Login to lamp" height="1000">
			</section>

			<section>
				<h2>Demo A: What's the insecurity?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>insecure open WiFi</li>
				</ul>
				<br><br>
				<img src="images/wifi.png" alt="Open WiFi network" height="1000" class="fragment" data-fragment-index="1">
			</section>

			<section>
				<h2>Demo A: Why should we care?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>cannot rely on device owner's network</li>
				</ul>

				<img src="images/casestudy1.png" alt="WeMo baby monitor" height="700" class="fragment" data-fragment-index="1">
			</section>

			<section>
				<h2>Demo A: What's the fix?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>Use WPA2 encrypted WiFi</li>
					<li>Change router's default password</li>
					<li>Use devices on a separate home network</li>
				</ul>
				<img src="images/wifi-tips.png" alt="" class="fragment" data-fragment-index="1">
			</section>

			<section>
				<h2>Demo B</h2>
				<h3>I1 Insecure Web Interface</h3>
				<p>Choose WiFi <strong style="background:#ffda01">ISSS614</strong> 🔊</p>
				<p>Go to URL <strong style="background:#ffda01">lamp.local</strong> on 📱 💻 🖥</p>
				<p>Access oven and sniff packets</p>
				<img src="images/sniff.png" alt="Sniff packets from oven">
			</section>

			<section>
				<h2>Demo B</h2>
				<h3>I4 Lack of Transport Encryption</h3>
				<p>Choose WiFi <strong style="background:#ffda01">ISSS614</strong> 🔊</p>
				<p>Go to URL <strong style="background:#ffda01">lamp.local</strong> on 📱 💻 🖥</p>
				<p>Access oven and sniff packets</p>
				<img src="images/sniff.png" alt="Sniff packets from oven">
			</section>

			<section>
				<h2>Demo B: What's the insecurity?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>username and password are sent in clear text</li>
				</ul>

				<img src="images/open.png" alt="" class="fragment" data-fragment-index="1">
			</section>

			<section>
				<h2>Demo B: Why should we care?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>private data being sniffed</li>
				</ul>
				<img src="images/casestudy2.png" alt="" class="fragment" data-fragment-index="1">
			</section>

			<section>
				<h2>Demo B: Why should we care?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>decryption key + handshake capture = possible snooping</li>
				</ul>
				<br><br>
				<img src="images/casestudy2b.png" alt="" class="fragment" data-fragment-index="1">
			</section>

			<section>
				<h2>Demo B: What's the fix?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>use TLS / HTTPS</li>
				</ul>
				<img src="images/https.png" alt="use HTTPS / TLS " class="fragment" data-fragment-index="1">
			</section>
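			<section data-markdown>
				<script type="text/template">
## Demo B: spotting the leak in a capture

Added example, not part of the lecture or its demo repository: a small Python check that flags credentials crossing the network in cleartext HTTP, which is how a security researcher or a home owner would confirm what Demo B's packet sniffer shows. The sample packets, the host name `oven.local` and the form field names are constructed here; the check keys on content rather than on port, so HTTP on any port is caught, while TLS records never parse as an HTTP request and therefore never report anything.

```python
"""Demo B detection aid: flag credentials that cross the network in cleartext HTTP."""
import base64
import re
from urllib.parse import parse_qs

# Constructed sample capture (assumed packets, not from the lecture's demo):
# two plaintext HTTP requests to the oven and one TLS ClientHello fragment,
# which is all a sniffer sees once the web interface speaks HTTPS.
SAMPLE_CAPTURE = [
    {"dst_port": 80, "payload": (
        b"POST /login HTTP/1.1\r\nHost: oven.local\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: 29\r\n\r\n"
        b"username=admin&password=admin")},
    {"dst_port": 80, "payload": (
        b"GET /status HTTP/1.1\r\nHost: oven.local\r\n"
        b"Authorization: Basic YWRtaW46YWRtaW4=\r\n\r\n")},
    {"dst_port": 443, "payload": b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"},
]

REQUEST_LINE = re.compile(r"^(GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")
PASSWORD_FIELDS = {"password", "passwd", "pwd", "pass", "pin"}  # assumed field names


def find_cleartext_credentials(packet):
    """Return [(kind, detail)] for one packet; empty if nothing readable leaks.

    Content decides, not the port: HTTP on any port is cleartext, and a TLS
    record never matches an HTTP request line.
    """
    text = packet["payload"].decode("latin-1")
    if not REQUEST_LINE.match(text):
        return []
    head, _, body = text.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() == "basic":
            # Decode only far enough to name the exposed account, never the secret
            try:
                user = base64.b64decode(token).decode("latin-1").split(":", 1)[0]
                findings.append(("authorization-header", f"Basic user={user}"))
            except ValueError:
                findings.append(("authorization-header", "Basic"))
        else:
            findings.append(("authorization-header", scheme))
    for field in parse_qs(body):
        if field.lower() in PASSWORD_FIELDS:
            findings.append(("form-password-field", field))
    return findings


def scan_capture(packets):
    """Run the check over a capture; return [(packet index, kind, detail)]."""
    return [(i, kind, detail)
            for i, pkt in enumerate(packets)
            for kind, detail in find_cleartext_credentials(pkt)]


if __name__ == "__main__":
    for index, kind, detail in scan_capture(SAMPLE_CAPTURE):
        print(f"packet {index}: {kind}: {detail}")
```

Running it reports only the two plaintext requests; after the fix on the next slide (TLS / HTTPS) the same login leaves nothing readable in the capture, which is the whole point of the demo.
				</script>
			</section>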

			<section>
				<h2>Demo C</h2>
				<h3>I2 Insufficient Authentication/Authorization</h3>
				<p>Go to URL <strong style="background:#ffda01">https://lamp.local</strong> on 📱 💻 🖥</p>
				<p>Access oven and scan for devices</p>
				<img src="images/default.png" alt="Default login" height="400">
			</section>

			<section>
				<h2>Demo C: What's the insecurity?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>default username and password</li>
					<li>full control of the device</li>
				</ul>
				<p></p>
				<pre class="fragment" data-fragment-index="1"><code class="bash">#!/bin/bash
# Demo C: once logged in with the default credentials, a script left on the
# device can hold the lamp off by driving its GPIO pin low every 5 seconds
while true; do
  echo 0 > /sys/class/gpio/gpio18/value
  sleep 5
done</code></pre>
				<img src="images/blackout.png" alt="Blackout" height="400" style="float:left;" class="fragment" data-fragment-index="2">
				<img src="images/lightbulb.png" alt="Light bulb" height="560" class="fragment" data-fragment-index="2">
			</section>

			<section>
				<h2>Demo C: Why should we care?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>physical infrastructure compromised</li>
				</ul>
				<img src="images/casestudy3.png" alt="" height="800" class="fragment" data-fragment-index="1">
			</section>

			<section>
				<h2>Demo C: What's the fix?</h2>
				<ul class="fragment" data-fragment-index="1">
					<li>force users to change default login</li>
					<li>have a mechanism to remotely update</li>
				</ul>
				<img src="images/default-password.png" alt="" class="fragment" data-fragment-index="1">
			</section>
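			<section data-markdown>
				<script type="text/template">
## Demo C: what "force users to change default login" looks like in code

Added example, not part of the lecture or its demo repository: a Python sketch of the device-side account logic behind the Demo C fix and the earlier "Avoid Problems Repeatedly Seen in IoT Devices" list (strong passwords, account lockout). Each device is provisioned with its own random factory password, the first successful login is answered with a password-change requirement instead of access, passwords are stored as salted PBKDF2 hashes, and five failures lock the account for a while. The class and function names, the thresholds and the clock injection are assumptions for illustration.

```python
"""Per-device default credentials, forced first-login rotation, and lockout."""
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 100_000   # assumed work factor; tune to the device's CPU
MAX_FAILURES = 5          # assumed lockout threshold
LOCKOUT_SECONDS = 300     # assumed lockout duration
MIN_PASSWORD_LENGTH = 12  # assumed minimum for user-chosen passwords


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh salt unless one is given."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class DeviceAccount:
    """One local account on the device; `clock` is injectable so lockout is testable."""

    def __init__(self, username, factory_password, clock=time.monotonic):
        self.username = username
        self.salt, self.digest = hash_password(factory_password)
        self.must_change_password = True   # set at manufacture, cleared on first rotation
        self.failures = 0
        self.locked_until = 0.0
        self.clock = clock

    def authenticate(self, password):
        """Return 'ok', 'password-change-required', 'denied' or 'locked'."""
        now = self.clock()
        if now < self.locked_until:
            return "locked"
        _, candidate = hash_password(password, self.salt)
        if not hmac.compare_digest(candidate, self.digest):   # constant-time compare
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + LOCKOUT_SECONDS
                self.failures = 0
                return "locked"
            return "denied"
        self.failures = 0
        return "password-change-required" if self.must_change_password else "ok"

    def change_password(self, old_password, new_password):
        """Rotate the password; the only action allowed while the factory password is in use."""
        if self.authenticate(old_password) not in ("ok", "password-change-required"):
            return False
        if len(new_password) < MIN_PASSWORD_LENGTH or new_password == old_password:
            return False
        self.salt, self.digest = hash_password(new_password)
        self.must_change_password = False
        return True


def provision(username="admin"):
    """Factory step: a unique random password per device, printed on its label."""
    factory_password = secrets.token_urlsafe(12)
    return DeviceAccount(username, factory_password), factory_password


if __name__ == "__main__":
    account, label_password = provision()
    print("label:", label_password)
    print(account.authenticate(label_password))          # password-change-required
    print(account.change_password(label_password, "correct horse battery staple"))
    print(account.authenticate("correct horse battery staple"))   # ok
```

Two design points worth noting: the factory password is generated, not derived from the serial number or MAC address, so one device's label tells an attacker nothing about the next one; and the lockout counter is kept per account on the device itself, so it still works when, as Demo A showed, the owner's network cannot be trusted.
				</script>
			</section>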

			<section>
				<h2>Developing IoT products</h2>
				<ul>
					<li>work with security researchers from day 1</li>
					<li>build a mechanism to remotely update firmware</li>
					<li>never rely on the security of device's network</li>
					<li>interoperability is challenging</li>
					<li>unique default password for every device</li>
					<li>use state of the art encryption</li>
					<li>design to limit the scope of damage</li>
				</ul>
			</section>

			<section class="center">
				<h1>Thanks!</h1>
				<p>slides: <a href="https://sayan.ee/iot-security-lecture">https://sayan.ee/iot-security-lecture</a></p>
				<br>
				<p>demo code:<br> <a href="https://github.com/sayanee/iot-security-lecture/tree/master/demo">github.com/sayanee/iot-security-lecture/tree/master/demo</a></p>
                                <br>
                                <p>eugene's homepage: <a href="https://temasek.org">https://temasek.org</a></p>
			</section>
		</div>
	</div>

	<script src="lib/js/head.min.js"></script>
	<script src="js/reveal.js"></script>

	<script>
		// More info https://github.com/hakimel/reveal.js#configuration
		Reveal.initialize({
			controls: false,
			progress: false,
			history: true,
			center: false,

			transition: 'none', // none/fade/slide/convex/concave/zoom

			// More info https://github.com/hakimel/reveal.js#dependencies
			dependencies: [
				{ src: 'lib/js/classList.js', condition: function() { return !document.body.classList; } },
				{ src: 'plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
				{ src: 'plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
				{ src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
				{ src: 'plugin/zoom-js/zoom.js', async: true },
				{ src: 'plugin/notes/notes.js', async: true }
			]
		});
	</script>
</body>
</html>
